A method and system for real-time transmitting frame-formatted user data
through joining thereto frame localizing data placed in predetermined governance locations,
whilst before transmission effecting an encryption procedure that excludes said localizing data,
and a system, a transmitter apparatus, a receiver apparatus, and a signal produced by such
transmitter apparatus for use with such method.



BACKGROUND OF THE INVENTION 

The invention relates to a system as recited in the preamble of Claim 1. Data, and
in particular, but not restricted to, multi-media data are at present being encrypted for
implementing inter alia various conditional access schemes to allow creators and distributors of
the original matter to collect an appropriate amount of retributions from users of such
information. At the receiver side, the user data must be recuperated in order to allow for orderly
representing, viewing, listening, executing, and other user-associated operations. The actual
transmission via some transmission medium, such as a network, will take place on a packetized
level, where the packets are standardized for the network or networks in question.

A first approach is to effect the encryption on the basis of a Real Time Protocol
transmission packet, which is a relatively simple procedure and is alright for protecting the
transmission proper. A higher protection level may be attained that will also remain in force at
the receiver side: this may be done by having the encryption implemented on the basis of the
frame structure of the source or user data. It is also feasible to implement a combination of the
two above approaches. Now, the encryption should advantageously be executed in a standard
component that should not need to effect complicated preprocessing to find the start of a frame.
Therefore, all of the above procedures will need an easy mechanism to straightforwardly find
the beginning of the frames.

SUMMARY TO THE INVENTION

In consequence, amongst other things, it is an object of the present invention to
add specific localizing information to allow the encoder mechanism and possibly, also the
decoder mechanism to quickly and easily find the start of the various frames.
Now therefore, according to one of its aspects the invention is characterized
according to the characterizing part of Claim 1.

Further to the above, the present inventor has recognized that a slight
modification to the above may allow to have only a part of the user data being effectively
encrypted, whilst still enabling the immediate localizing of the various such encrypted parts, as
has been recited in Claim 8. The invention also relates to a system being arranged for
implementing the method as claimed in Claim 1, to a transmitter apparatus and to a receiver
apparatus for use in such system, and to a signal produced by such transmitter apparatus. Further
advantageous aspects of the invention are recited in dependent Claims.

BRIEF DESCRIPTION OF THE DRAWING 

These and further aspects and advantages of the invention will be discussed more 
in detail hereinafter with reference to the disclosure of preferred embodiments, and in particular 
with reference to the appended Figures that show: 
Figure 1, a system arranged for implementing the inventive method;

Figure 2, a data format implementation for use in the present invention; 

Figure 3, an amended format with respect to Figure 2 that has partial encrypting. 



DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The quality of content information, such as audio or video on the Internet is 
improving due to steady advances in coding technology and in transmission bandwidth. Content 
providers intend to sell such high value content, and therefore, a need is arising for effecting 
conditional access or digital rights management, as it is called. Such conditional access system
will encrypt a content item and will subsequently manage the associated decryption keys in such
manner that only authorized end users will be able to decrypt and thereby reconstitute the 
original content in full. 

Now, multi-media data is generally structured in frames, wherein the size of a
frame is related to the category of information. Furthermore, the size of a transmitted frame may
relate to the degree of compaction and other processing it has been subjected to before
encryption. In fact, the frames may be larger as well as smaller than the packets used for actual
transmission. Therefore, a single transmission packet may contain one or more frames, or
fractional parts of a frame. Streaming is a technology wherein a client will play or otherwise use
the content as soon as it will arrive, so there will be no downloading of all, or a substantial part
of, an entire content before playing. Streaming will not allow for retransmission of packets. The
content user will have to cope with the occurrence of lost data.

Now for optimum protection, content is best encrypted at the frame level, even
with non-uniform frame size. Such encryption at the frame level will allow for persistent or
end-to-end encryption that applies to both transmitted as well as to stored content. Preferably, the
system component that implements the actual encryption is a generic component, and should
therefore be independent of specific streaming servers and independent of specific frame
formats. One way to achieve this is to define the encryption component as a Realtime-
Transmission-Protocol- or RTP-translator. At present, virtually all streaming servers are using
the RTP streaming protocol. Therefore, the encryption component could receive the RTP
packets, encrypt the payload, and subsequently forward the encrypted RTP packets.
Alternatively, the encryption may be integrated with the streaming server.

Alternatively, the encryption may be executed on the level of the RTP-packet.
This will protect the transmission proper, whilst surrendering part of the protection at the
receiver side after receiving. Also, a combination of these two encryption approaches is feasible,
such as by assigning the appropriate encryption level on the basis of a contingency strategy
vis-à-vis available hardware facilities.

A problem is posed in that the headers of the frames must remain unencrypted,
such as when the encryption is effected at the frame level. This requires that the generic
encryption component should analyze the payloads of the RTP packets to identify the positions
of the frame headers. Such would however lower the performance of the encryption component,
and will also make the encryption component dependent on actual frame formats.

The present invention provides a solution to the problem in question by 
extending the headers of RTP packets to include pointers to those parts of the RTP packet 
payload that actually need to be encrypted. The pointers are set by the streaming server. The
server may do this as part of the so-called hint process, that is an off-line analysis of multi-media
data, so that the data may be streamed more efficiently at a later instant in time. The result of the 
hint process is stored in parallel to the content in a so-called hint track. 

Figure 1 illustrates a system arranged for implementing the inventive method.
Input 23 receives the user data frames, that are transiently stored into storage 22, that
accommodates a plurality of such frames. Processing block 24 thereupon joins to these data
frames frame header localizing informations in the context of an RTP packet that may comprise
a plurality of such user frames, but not necessarily an integer number thereof. The result of this
processing is transiently stored in block 26 that accommodates multiple RTP payloads. For
brevity, the specific hint track mentioned supra has not been shown separately. In fact, the hint
track facility is recognized by persons skilled in the art as a standard facility. In practice, such
hint track will be implemented at the input side of block 23 to allow indicating the various frame
locations. Before transmission, the user data are encrypted in encryption module 28 and
transmitted over communication facility 30, such as Internet. The whole procedure at the
transmitter side of the system shown may be synchronized by overall synchronization facility 20
as indicated by dashed lines leading therefrom.

At the receiving side, decryption is effected through decryption facility 34, and
the result thereof is transiently stored in block 36. Reconstitution of the user frames is effected in
processing facility 38, followed by transiently storing in block 40. User application is then
symbolized by block 42. Storage blocks 36, 40 do not accommodate downloading of a complete
program or a substantial part thereof, but rather will provide for some synchronizing to cater for
transfer speed variations of communication facility 30. Again, at the receiver side, overall
synchronization is effected through synchronizer block 32.

Figure 2 illustrates an exemplary data format implementation for use in the
present invention. For brevity, only a single implementation has been shown. Various data
blocks 50-60 of the RTP configuration have been shown in the Figure. Of these, blocks 54-60
constitute the RTP payload, wherein blocks 56, 60 each contain an encrypted frame payload,
and blocks 54, 58 contain the associated frame headers. Note that the lengths of blocks 56, 60
need not be uniform. Block 50 contains an RTP header, and is followed by block 52 that
contains pointers. As shown in the figure, the pointers 62 indicate both the beginning and the
end of each encrypted frame payload. Now, the header 50 is found in the hint track; pointers 52
are extensions of the RTP header 50. This hint track is used by the streaming server for
packaging the RTP packets.
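
The Figure 2 layout, as an added example that is not part of the original patent text: a server builds an RTP packet whose header extension carries (begin, end) pointers, encrypts only the pointed-to frame payloads, and a receiver decrypts using the pointers alone. Assumptions made here: the extension id 0x4550, 16-bit offsets relative to the start of the RTP payload, and a SHAKE-256 XOR keystream standing in for the cipher, which the text does not specify.

```python
import hashlib
import struct

EXT_ID = 0x4550  # hypothetical profile-defined extension id (not from the patent)

def xor_stream(key: bytes, seq: int, start: int, data: bytes) -> bytes:
    # Stand-in for the unspecified cipher: SHAKE-256 keystream, illustration only.
    ks = hashlib.shake_256(key + struct.pack("!HH", seq, start)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def build_packet(seq: int, ts: int, ssrc: int, frames, key: bytes) -> bytes:
    """Server side: frames is a list of (frame_header, frame_payload) byte pairs."""
    payload, ptrs = bytearray(), []
    for hdr, body in frames:
        payload += hdr                                  # blocks 54, 58: left in the clear
        start = len(payload)
        payload += xor_stream(key, seq, start, body)    # blocks 56, 60: encrypted
        ptrs.append((start, len(payload)))              # pointers 62: begin and end
    rtp = struct.pack("!BBHII", 0x90, 96, seq, ts, ssrc)  # block 50: V=2, X=1, PT=96
    ext = struct.pack("!HH", EXT_ID, len(ptrs))           # block 52: length in 32-bit words
    ext += b"".join(struct.pack("!HH", s, e) for s, e in ptrs)
    return rtp + ext + bytes(payload)

def decrypt_packet(pkt: bytes, key: bytes) -> bytes:
    """Receiver side: relies on the pointers only, never parses the frame format."""
    if len(pkt) < 12:
        raise ValueError("packet shorter than an RTP header")
    b0, _pt, seq, _ts, _ssrc = struct.unpack_from("!BBHII", pkt, 0)
    off = 12 + 4 * (b0 & 0x0F)                          # skip any CSRC entries
    if b0 >> 6 != 2 or not b0 & 0x10 or len(pkt) < off + 4:
        raise ValueError("expected RTP v2 with a header extension")
    ext_id, words = struct.unpack_from("!HH", pkt, off)
    body_at = off + 4 + 4 * words
    if ext_id != EXT_ID or body_at > len(pkt):
        raise ValueError("bad or truncated pointer extension")
    payload, prev_end = bytearray(pkt[body_at:]), 0
    for i in range(words):
        s, e = struct.unpack_from("!HH", pkt, off + 4 + 4 * i)
        # The pointers travel unencrypted, so they are treated as untrusted input.
        if not prev_end <= s <= e <= len(payload):
            raise ValueError("pointer out of range or overlapping")
        payload[s:e] = xor_stream(key, seq, s, bytes(payload[s:e]))
        prev_end = e
    return bytes(payload)
```

Because each pointer pair can delimit any sub-range, the same extension also expresses the partial encryption of Figure 3.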

Figure 3 illustrates an amended format with respect to Figure 2 that has partial 
encrypting of the user data. For brevity, only the aspects that differentiate from Figure 2 have 
been indicated specifically. Within the frame payload, the discrimination between encrypted (E) 
and unencrypted user data has been indicated by a slanted line. The localizing information 
indicated by 62 in this case will now specifically indicate (63, 65) the ends of the respective
encrypted parts, assuming that the encryption starts from the beginning of the frame's user data. 
Of course, other partial encryptions may be used. The encryption itself may be done on the level 
of a frame or partial frame, on the level of a packet, or be based on a combination thereof. 

1. A method for real-time transmitting or retransmitting frame-formatted user data
whilst thereon effecting before such (re-)transmitting an encryption procedure, 

said method being characterized by the step of, associated to subjecting said user 
data to said encryption procedure, joining to said user data appropriate frame localizing data and 
placing such frame localizing data into predetermined governance locations which, just as well 
as header informations, are excluded from subsequent said encryption procedure. 

2. A method as claimed in Claim 1, wherein such governance locations are header 
extension information locations. 

3. A method as claimed in Claim 1, wherein said user data after encryption are
transmitted in RTP-packets, and wherein said user data are encrypted on a level of said RTP
packet.

4. A method as claimed in Claim 1, wherein said user data are encrypted on a frame
level.

5. A method as claimed in Claims 3 or 4 wherein said transmission allows for
imparting partial frames to a packet, as well as allowing to impart a plurality of frames to a
single packet.

6. A method as claimed in Claim 2, wherein such header extension information 
location has a plurality of frame localizing data. 



7. A method as claimed in Claim 1, wherein such governance locations are placed
within a separate hint track.

8. A method as claimed in Claim 1, whilst subjecting only a part of said user data to
said encryption procedure whilst providing for encryption localizing data in said governance
locations to discriminate between encrypted and non-encrypted parts of said user data.

9. A system arranged for implementing a method as claimed in Claim 1 and having
transmission means for real-time transmitting or retransmitting frame-formatted user data and
encryption means for effecting before such (re-)transmitting an based encryption procedure on
said user data,

said system being characterized by comprising next to said encryption means
joining means for joining to said user data frame localizing data and placing such frame
localizing data into predetermined governance locations which, just as well as header
informations, are excluded from subsequent said encryption.

10. A system as claimed in Claim 9, and being arranged for interfacing to Internet as 
a transmission medium.

11. A transmitter apparatus being arranged for use as a station in a system as claimed
in Claim 9.

12. A signal produced by a station as claimed in Claim 11.

13. A receiver apparatus being arranged for use as a station in a system as claimed in
Claim 9 and having decryption means for upon reception decrypting user data that had been
subject to said encryption procedure for outputting user data so decrypted as based on frames
containing said user data.

14. A receiver apparatus as claimed in Claim 13, wherein said decryption means are
operational on a frame level.

15. A receiver apparatus as claimed in Claim 13, wherein said decryption means are
operational on a packet level.

Frame-formatted user data is real-time transmitted whilst thereon effecting
before transmission a frame-based encryption procedure. In particular, before subjecting to the
encryption procedure, localizing data is joined to the data frame and placed into predetermined
governance locations that are excluded from the subsequent encrypting.